
The Cybersecurity and Infrastructure Security Agency (CISA) issued on July 20, 2021, an alert (AA-22-2021A) addressing the successful Chinese intrusion of the United States oil and natural gas pipeline companies from 2011 to 2013.

In its alert, CISA shares the frequency with which the attacks occurred, the number of confirmed compromises, the number of near misses, and the number of attacks whose depth of intrusion could not be determined.

Chinese fingers in the infrastructure pie

Attribution is an art form and one of the most difficult things to achieve, given the ever-evolving methods and techniques used by the attacking entity, especially when that entity is a nation-state with seemingly unlimited resources. CISA, together with the FBI, is unambiguous in its determination and attribution of these attacks to Chinese state-sponsored actors. The target was Supervisory Control and Data Acquisition (SCADA) networks.

Not surprisingly to CISOs, the attacks were tied to a successful spear-phishing campaign that started in December 2011 and continued until February 2012. Four separate MITRE ATT&CK tactics and techniques were highlighted in the CISA alert:

  • TA009 – (October 2018, updated July 2019) Adversary techniques to gather information and sources of information
  • TA0010 – (October 2018, updated July 2019) Adversary exfiltration techniques as they try to steal data
  • T1213 – (October 2018, last updated April 2021) Adversary leverage of information repositories to mine information. Of note is the value that seemingly mundane data has to adversaries. All CISOs would be well served to remind users that the following types of information highlighted in T1213, when compromised, provide the adversary's targeting team with a plethora of data to facilitate future attacks:
    • Policies, procedures, and standards
    • Physical/logical network diagrams
    • System architecture diagrams
    • Technical system documentation
    • Testing/development credentials
    • Work/project schedules
    • Source-code snippets
    • Links to network shares and other internal resources
  • T1120 – (May 2017, updated March 2020) Adversaries attempt to gather information about attached peripheral devices
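The T1213 list above is useful not only as a reminder to users but as a basis for detection: an adversary mining an information repository tends to read many distinct sensitive documents across several of these categories in a short window, which ordinary users rarely do. The script below is an added example written for this article, not code from CISA, MITRE or the article's author. It parses constructed audit-log lines (the log format, the keyword-to-category mapping and the thresholds are all assumptions for the example) and flags users whose access pattern looks like bulk collection.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Categories taken from the T1213 list in the article. The keyword patterns
# that map a repository path to a category are assumptions for this example.
CATEGORY_PATTERNS = {
    "policies_procedures": r"policy|procedure|standard",
    "network_diagram": r"network[-_ ]?diagram|topology",
    "architecture": r"architecture",
    "system_docs": r"runbook|sysdoc",
    "test_dev_credentials": r"cred|password|\.env",
    "schedule": r"schedule|roster",
    "source_code": r"\.(?:py|c|java|go)$|/src/",
    "share_links": r"\\\\|smb://",
}
COMPILED = {name: re.compile(pat, re.IGNORECASE)
            for name, pat in CATEGORY_PATTERNS.items()}

# Assumed audit-log line format: "<ISO timestamp> user=<id> action=<verb> path="<path>""
LOG_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) '
    r'user=(?P<user>\S+) action=(?P<action>\S+) path="(?P<path>[^"]+)"$'
)

# Constructed sample log: j.doe sweeps six sensitive documents in ~13 minutes,
# a.smith reads two policy files hours apart, k.lee reads one source file.
SAMPLE_LOG = """\
2021-07-20T09:00:12 user=a.smith action=read path="/shares/hr/leave-policy.pdf"
2021-07-20T09:05:40 user=j.doe action=read path="/shares/it/policies/remote-access-standard.docx"
2021-07-20T09:07:02 user=j.doe action=read path="/shares/it/network-diagram-plant2.vsdx"
2021-07-20T09:09:55 user=j.doe action=download path="/shares/eng/scada-architecture.pptx"
2021-07-20T09:12:31 user=k.lee action=read path="/repos/hmi/src/poll.c"
2021-07-20T09:14:10 user=j.doe action=read path="/shares/dev/test-credentials.txt"
2021-07-20T09:16:48 user=j.doe action=read path="/shares/ops/maintenance-schedule.xlsx"
2021-07-20T09:18:03 user=j.doe action=download path="/repos/hmi/src/poll.c"
2021-07-20T09:20:00 user=j.doe action=write path="/shares/it/notes.txt"
2021-07-20T14:30:00 user=a.smith action=read path="/shares/hr/travel-procedure.pdf"
malformed line that the parser should skip
"""


def classify(path):
    """Return the T1213 data category a repository path falls into, or None."""
    for name, rx in COMPILED.items():
        if rx.search(path):
            return name
    return None


def parse_line(line):
    """Parse one audit-log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "user": m["user"],
        "action": m["action"],
        "path": m["path"],
        "category": classify(m["path"]),
    }


def detect_bulk_collection(lines, window=timedelta(minutes=30),
                           min_docs=5, min_categories=3):
    """Flag users who read or download at least min_docs distinct sensitive
    documents spanning at least min_categories categories inside any window."""
    per_user = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["action"] in ("read", "download") and ev["category"]:
            per_user[ev["user"]].append(ev)

    alerts = {}
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            span = events[start:end + 1]
            docs = {e["path"] for e in span}
            cats = {e["category"] for e in span}
            if len(docs) >= min_docs and len(cats) >= min_categories:
                prev = alerts.get(user)
                if prev is None or len(docs) > prev["docs"]:
                    alerts[user] = {
                        "docs": len(docs),
                        "categories": sorted(cats),
                        "first": span[0]["ts"],
                        "last": span[-1]["ts"],
                    }
    return alerts


if __name__ == "__main__":
    for user, info in detect_bulk_collection(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {user}: {info['docs']} sensitive documents across "
              f"{len(info['categories'])} categories between {info['first']} and {info['last']}")
```

The thresholds are deliberately coarse; in practice they are tuned per repository against a baseline of normal access, and the category keywords are replaced by the organisation's own document classification labels where those exist. The point is that the sweep across categories, not any single read, is the signal.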

CISA highlights the Chinese compromise of 13 of the 23 targeted companies and notes that eight of the 23 companies may have been compromised, but the level of compromise was undetermined. Not exactly what a CISO wants to report to the C-suite/board.

Perhaps most troubling, and thus worthy of attention, is the fact that had the Chinese attackers been more successful they could have “impersonated legitimate system operators to conduct unauthorised operations.”

The attackers did, however, obtain “dial-up access,” which remains a mainstay within the energy sector’s industrial control systems (ICS). CISA characterises this as the Chinese preparing the environment for “future operations.”

In other words, preparing the environment in the event China had a national security reason to disrupt, damage or impede the oil and natural gas distribution networks in the United States.

The CISA alert does not identify which entities in China were responsible for these attacks. ABC News did, however, report in February 2013 on the Mandiant/FireEye attribution of cyber attacks to China’s PLA Unit 61398 located in Pudong, Shanghai.

The report alleged that Unit 61398 was responsible for the theft of “hundreds of terabytes of data from at least 141 organisations” since 2006, of which at least 115 were in the US and were spread across multiple sectors, including energy.

China’s not alone, Russia also targeted the energy sector

Not long ago, in March 2018, CISA issued a similar alert highlighting the Russian Federation’s efforts to target commercial entities within the energy sector’s ICS using spear-phishing, through which they gained “remote access.” During their presence within the network, CISA noted, the Russian intruders “conducted network reconnaissance, moved laterally, and collected information pertaining to the ICS.”

ICS CISOs: Invest in cyber security infrastructure

The need for CISOs responsible for industrial control systems to invest in basic cyber infrastructure has never been more evident. The alert is a klaxon call to move away from dial-up connectivity within their infrastructure, given the inherent security weaknesses these devices present.

CISA highlights these as, “direct access into the ICS environment with little or no security and no monitoring” (emphasis added).

This raises the question: if a company has neither access control nor the ability to monitor who is accessing its ICS network, how does it determine whether it has been penetrated by the Chinese or the Russians?

The alert highlighted that 35 per cent of the targeted companies were unable to determine the depth of the Chinese penetration into their ICS. Imagine being one of those eight CISOs, sitting in the dark and unable to answer the question: “What did the adversary do once they compromised our network?”

CISOs should take this to the bank and use it as evidence of nation-state interest, as well as justification for the infusion of resources to augment and adjust their current security posture.
